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ABSTRACT : Cloud computing economically enables the paradigm of data service outsourcing. However, to protect data 
privacy, sensitive cloud data has to be encrypted before outsourced to the commercial public cloud, which makes effective 
data utilization service a very challenging task. Focusing on engineering computing and optimization tasks, this paper 
investigates secure outsourcing of widely applicable linear programming computations. In order to achieve practical 
efficiency, our mechanism design explicitly decomposes the LP computation outsourcing into public LP solvers running on 
the cloud and private LP parameters owned by the customer. The resulting flexibility allows us to explore appropriate 
security/ efficiency tradeoff via higher-level abstraction of LP computations than the general circuit representation. The 
result verification mechanism is extremely efficient and incurs close-to-zero additional cost on both cloud server and 
customers. Extensive security analysis and experiment results show the immediate practicability of our mechanism design. 
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I. INTRODUCTION 

Cloud Computing provides convenient on-demand network access to a shared pool of configurable computing 
resources that can be rapidly deployed with great efficiency and minimal management overhead. The fundamental advantage 
of the cloud paradigm is computation outsourcing, where the computational power of cloud customers is no longer limited 
by their resource-constraint devices. By outsourcing the workloads into the cloud, customers could enjoy the literally 
unlimited computing resources in a pay-per-use manner without committing any large capital outlays in the purchase of both 
hardware and software and/or the operational overhead therein. On the one hand, the outsourced computation workloads 
often contain sensitive information, such as the business financial records, proprietary research data, or personally 
identifiable health information etc. To combat against unauthorized information leakage, sensitive data have to be encrypted 
before outsourcing so as to provide end to- end data confidentiality assurance in the cloud and beyond. On the other hand, 
the operational details inside the cloud are not transparent enough to customers .For example, for the computations that 
require a large amount of computing resources, there are huge financial incentives for the cloud to be "lazy" if the customers 
cannot tell the correctness of the output. Besides, possible software bugs, hardware failures, or even outsider attacks might 
also affect the quality of the computed results. Thus, we argue that the cloud is intrinsically not secure from the viewpoint of 
customers. Without providing a mechanism for secure computation outsourcing, i.e., to protect the sensitive input and output 
information of the workloads and to validate the integrity of the computation result, it would be hard to expect cloud 
customers to turn over control of their workloads from local machines to cloud solely based on its economic savings and 
resource flexibility. For practical consideration, such a design should further ensure that customers perform less amount of 
operations following the mechanism than completing the computations by themselves directly. 




Figl. Architecture of secure outsourcing linear programming problems in Cloud Computing 



In this paper, we study practically efficient mechanisms for secure outsourcing of linear programming (LP) 
computations. Linear programming is an algorithmic and computational tool which captures the first order effects of various 
system parameters that should be optimized, and is essential to engineering optimization. It has been widely used in various 
engineering disciplines that analyze and optimize real-world systems, such as packet routing, flow control, power 
management of data centers, etc. Because LP computations require a substantial amount of computational power and usually 
involve confidential data, we propose to explicitly decompose the LP computation outsourcing into public LP solvers 
running on the cloud and private LP parameters owned by the customer. The flexibility of such a decomposition allows us to 
explore higher-level abstraction of LP computations than the general circuit representation for the practical efficiency. 
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II. PROBLEM DEFINITION 
On the one hand, the outsourced computation workloads often contain sensitive information, such as the business 
financial records, proprietary research data, or personally identifiable health information etc. To combat against unauthorized 
information leakage, sensitive data have to be encrypted before outsourcing so as to provide end to- end data confidentiality 
assurance in the cloud and beyond. However, ordinary data encryption techniques in essence prevent cloud from performing 
any meaningful operation of the underlying plaintext data, making the computation over encrypted data a very hard problem. 
On the other hand, the operational details inside the cloud are not transparent enough to customers. As a result, there do exist 
various motivations for cloud server to behave unfaithfully and to return incorrect results, i.e., they may behave beyond the 
classical semi honest model. 

Fully homomorphic encryption (FHE) scheme, a general result of secure computation outsourcing has been shown viable in 
theory, where the computation is represented by an encrypted combinational Boolean circuit that allows to be evaluated with 
encrypted private inputs. 

III. EXISTING SYSTEM: 

Despite the tremendous benefits, outsourcing computation to the commercial public cloud is also depriving 
customers direct control over the systems that consume and produce their data during the computation, which inevitably 
brings in new security concerns and challenges towards this promising computing model. On the one hand, the outsourced 
computation workloads often contain sensitive information, such as the business financial records, proprietary research data, 
or personally identifiable health information etc. 

To combat against unauthorized information leakage, sensitive data have to be encrypted before outsourcing, so as to provide 
end to- end data confidentiality assurance in the cloud and beyond. However, ordinary data encryption techniques in essence 
prevent cloud from performing any meaningful operation of the underlying plaintext data, making the computation over 
encrypted data a very hard problem. On the other hand, the operational details inside the cloud are not transparent enough to 
customers. As a result, there do exist various motivations for cloud server to behave unfaithfully and to return incorrect 
results, i.e., they may behave beyond the classical semi hones model. Thus, we argue that the cloud is intrinsically not secure 
from the viewpoint of customers. 

Disadvantages of Existing System: 

1) Fully homomorphic encryption (FHE) scheme, a general result of secure computation outsourcing has been shown viable 
in theory. 

2) The cryptography and the theoretical computer science communities have made steady advances in "secure outsourcing 
expensive computations". 

3) It is Semi-Honest Model. 

IV. PROPOSED SYSTEM 

Cloud computing economically enables the paradigm of data service outsourcing. However, to protect data privacy, 
sensitive cloud data has to be encrypted before outsourced to the commercial public cloud, which makes effective data 
utilization service a very challenging task. Focusing on engineering computing and optimization tasks, this paper investigates 
secure outsourcing of widely applicable linear programming computations. In order to achieve practical efficiency, our 
mechanism design explicitly decomposes the LP computation outsourcing into public LP solvers running on the cloud and 
private LP parameters owned by the customer. The resulting flexibility allows us to explore appropriate security/ efficiency 
tradeoff via higher-level abstraction of LP computations than the general circuit representation. The result verification 
mechanism is extremely efficient and incurs close-to-zero additional cost on both cloud server and customers. Extensive 
security analysis and experiment results show the immediate practicability of our mechanism design. 

ADVANTAGES: 

1) To combat against unauthorized information leakage, sensitive data have to be encrypted before outsourcing. 

2) To provide end to- end data confidentiality assurance in the cloud and beyond. 

3) The operational details inside the cloud are not transparent enough to customers. 

V. MODULE DESCRIPTION 

A) Mechanism Design Framework: 

We propose to apply problem transformation for mechanism design. The general framework is adopted from a 
generic approach, while our instantiation is completely different and novel. In this framework, the process on cloud server 
can be represented by algorithm ProofGen and the process on customer can be organized into three algorithms (KeyGen, 
ProbEnc, ResultDec). These four algorithms are summarized below and will be instantiated later. 

• KeyGen(lk) — » {K}. This is a randomized key generation algorithm which takes a system security parameter k, and returns 
a secret key K that is used later by customer to encrypt the target LP problem. 

• ProbEnc(K,o) — > {ok}. This algorithm encrypts the input tuple o into ok with the secret key K. According to problem 
transformation, the encrypted input 0k has the same form as 0, and thus defines the problem to be solved in the cloud. 

• ProofGen(ok) — ► {(y, T)}. This algorithm augments a generic solver that solves the problem K to produce both the output y 
and a proof T. The output y later decrypts to x, and is used later by the customer to verify the correctness of y or x. 
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• ResultDec(K, 0, y, p ) — > {x,l}. This algorithm may choose to verify either y or x via the proof T. In any case, a correct 
output x is produced by decrypting y using the secret K. The algorithm outputs 1 when the validation fails, indicating the 
cloud server was not performing the computation faithfully. 

B) Basic Techniques: 

Before presenting the details of our proposed mechanism, we study in this subsection a few basic techniques and 
show that the input encryption based on these techniques along may result in an unsatisfactory mechanism. However, the 
analysis will give insights on how a stronger mechanism should be designed. Note that to simplify the presentation, we 
assume that the cloud server honestly performs the computation, and defer the discussion on soundness to a later section. 
l)Hiding equality constraints (A, b): First of all, a randomly generated m x m non-singular matrix Q can be part of the secret 
key K. The customer can apply the matrix to Eq. 
(2) for the following constraints transformation, Ax = b — ► A'x = b' 
where A' = QA and b' = Qb. 

C) Enhanced Techniques via Affine Mapping: 

To enhance the security strength of LP outsourcing, we must be able to change the feasible region of original LP 
and at the same time hide output vector x during the problem input encryption. We propose to encrypt the feasible region of 
0 by applying an affine mapping on the decision variables x. This design principle is based on the following observation: 
ideally, if we can arbitrarily transform the feasible area of problem 0 from one vector space to another and keep the mapping 
function as the secret key, there is no way for cloud server to learn the original feasible area information. Further, such a 
linear mapping also serves the important purpose of output hiding. 

D) RESULT VERIFICATION: 

Till now, we have been assuming the server is honestly performing the computation, while being interested learning 
information of original LP problem. 

However, such semi honest model is not strong enough to capture the adversary behaviors in the real world. In many cases, 
especially when the computation on the cloud requires a huge amount of computing resources, there exists strong financial 
incentives for the cloud server to be "lazy". They might either be not willing to commit service-level-agreed computing 
resources to save cost, or even be malicious just to sabotage any following up computation at the customers. Since the cloud 
server promises to solve the LP problem 0k = (A',B', b', c'), we propose to solve the result verification problem by designing 
a method to verify the correctness of the solution y of 0k. The soundness condition would be a corollary thereafter when we 
present the whole mechanism in the next section. Note that in our design, the workload required for customers on the result 
verification is substantially cheaper than solving the LP problem on their own, which ensures the great computation savings 
for secure LP outsourcing. 

The LP problem does not necessarily have an optimal solution. There are three cases as follows. 

• Normal: There is an optimal solution with finite objective value. 

• Infeasible: The constraints cannot be all satisfied at the same time. 

• Unbounded: For the standard form, the objective function can be arbitrarily small while the constraints are all satisfied. 

VI. PERFORMANCE ANALYSIS 

A) THEORETIC ANALYSIS: 

1) CUSTOMER SIDE OVERHEAD: 

According to our mechanism, customer side computation overhead consists of key generation, problem encryption 
operation, and result verification, which corresponds to the three algorithms KeyGen, ProbEnc, and ResultDec, respectively. 
Because KeyGen and Result-Dec only require a set of random matrix generation as well as vector-vector and matrix-vector 
multiplication, the computation complexity of these two algorithms are upper bounded via 0(n2). Thus, it is straight -forward 
that the most time consuming operations are the matrix-matrix multiplications in problem encryption algorithm ProbEnc. 
Since m < n, the time complexity for the customer local computation is thus asymptotically the same as matrix-matrix 
multiplication, i.e., O(np) for some 2 < p < 3. In our experiment, the matrix multiplication is implemented via standard 
cubic-time method, thus the overall computation overhead is 0(n3). However, other more efficient matrix multiplication 
algorithms can also be adopted, such as the Strassen's algorithm with time complexity 0(n2.81) . In either case, the over all 
customer side efficiency can be further improved. 

2) SERVER SIDE OVERHEAD: 

For cloud server, its only computation overhead is to solve the encrypted LP problem 0k as well as generating the 
result proof T , both of which correspond to the algorithm ProofGen. If the encrypted LP problem 0 belongs to normal case, 
cloud server just solves it with the dual optimal solution as the result proof T , which is usually readily available in the 
current LP solving algorithms and incurs no additional cost for cloud . If the encrypted problem 0k does not have an optimal 
solution, additional auxiliary LP problems can be solved to provide a proof. Because for general LP solvers, executed at first 
to determine the initial feasible solution , proving the auxiliary LP with optimal solutions also introduces little additional 
overhead. Thus, in all the cases, the computation complexity of the cloud server is asymptotically the same as to solve a 
normal LP problem, which usually requires more than 0(n3) time . Obviously, the customer will not spend more time to 
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encrypt the problem and solve the problem in the cloud than to solve the problem on his own. Therefore, in theory, the 
proposed mechanism would allow the customer to outsource their LP problems to the cloud and gain great computation 
savings. 

3) EXPERIMENT RESULTS: 

We now assess the practical efficiency of the proposed secure and verifiable LP outsourcing scheme with 
experiments. We implement the proposed mechanism including both the customer and the cloud side processes in Matlab 
and utilize the MOSEK optimization through its MATLAB interface to solve the original LP problem and encrypted LP 
problem 0k. Both customer and cloud server computations in our experiment are conducted on the same workstation with an 
Intel Core 2 Duo processor running at 1.86 GHz with 4 GB RAM. In this way, the practical efficiency of the proposed 
mechanism can be assessed without a real cloud environment. We also ignore the communication latency between the 
customers and the cloud for this application since the computation dominates the running time as evidenced by our 
experiments. 

VII. CONCLUSIONS 

We formalize the problem of securely outsourcing LP Computations in cloud computing, and provide such a 
practical mechanism design which fulfills input/output privacy, cheating resilience, and efficiency. By explicitly 
decomposing LP computation outsourcing into public LP solvers and private data, our mechanism design is able to explore 
appropriate security/efficiency tradeoffs via higher level LP computation than the general circuit representation. We develop 
problem transformation techniques that enable customers to secretly transform the original LP into some arbitrary one while 
protecting sensitive input/output information. We also investigate duality theorem and derive a set of necessary and 
sufficient condition for result verification. Such a cheating resilience design can be bundled in the overall mechanism with 
close-to-zero additional overhead. Both security analysis and experiment results demonstrates the immediate practicality of 
the proposed mechanism. 
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